Are you using claude code, aider, or other agentic tools with risky capabilities? How are you mitigating that risk? For tools with filesystem or shell access, I'm especially concerned with destructive operations (`rm ~`) and data exfil, since this applies even to local models.